The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the...
7.5CVSS
7.1AI Score
0.0004EPSS
The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become...
8.8CVSS
7.2AI Score
0.0004EPSS
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...
7.5CVSS
6.7AI Score
0.0004EPSS
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program...
7.5CVSS
7.5AI Score
0.0004EPSS
An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service...
5.3CVSS
6.8AI Score
0.0004EPSS
Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system ...
7.5CVSS
7AI Score
0.0004EPSS
The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password...
7.5CVSS
7.1AI Score
0.0004EPSS
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), L...
9.8CVSS
9.5AI Score
0.001EPSS
Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user...
8.8CVSS
7.8AI Score
0.003EPSS
The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS...
9.8CVSS
9.4AI Score
0.003EPSS
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control.....
9.8CVSS
9.5AI Score
0.002EPSS
PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES]...
7.5AI Score
0.034EPSS